dfir-iris / iris-web

Collaborative Incident Response platform
GNU Lesser General Public License v3.0

[BUG] IoC update can result in incorrect IoC #304

Open Matthijsy opened 1 year ago

Matthijsy commented 1 year ago

Describe the bug
If you create an IoC in case A, later create the same IoC in case B and then update the IoC in case B, this results in an incorrect IoC in case A.

An example of this is filenames and their corresponding hashes using the filename|hash type. Often you find the filename first and thus enter it as an IoC. Later on you find the hash and add it. If the filename is generic, it can happen that it has first been linked to another case, resulting in an incorrect IoC in the other case.

To Reproduce
Steps to reproduce the behavior:

  1. Create case A
  2. Add IoC of type filename in case A with value 1.exe
  3. Create case B
  4. Add IoC of type filename in case B with value 1.exe
  5. Update the IoC in case B to type filename|sha256 with value 1.exe|9715f69aaff7497966f162e784059ab010173ee92ef811b066fc3c818acc454d
  6. Observe that the IoC in case A is updated

Expected behavior
You do see where the same IoC exists in other cases, but they are not updated when the IoC is updated in another case.

whikernel commented 1 year ago

Hi @Matthijsy

Indeed, the IOCs are shared between cases in the DB. If you create a new IOC in case A and add the same IOC in case B, there will actually only be one IOC in the DB. Both cases will point to this IOC.
But indeed, if you change it in one case, it will change in the other one as well... which is an issue if the change concerns the value or the type. We should definitely change that. Thanks for raising it.
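The following is an added, self-contained model of the behaviour described in this thread; it is example code, not iris-web's own implementation or schema. The `Ioc` dataclass, the `IocStore` class, its method names and the `(case_id, ioc_id)` link table are assumptions chosen to mirror the reporter's steps. `update_ioc_shared` reproduces the reported bug (one shared row is mutated in place, so case A changes), and `update_ioc_isolated` shows a copy-on-write alternative: when the row is still linked to other cases, the updating case is relinked to a row holding the new type/value and the shared row is left alone.

```python
"""Added illustration of the shared-IoC update problem in this issue.

This is example code, not iris-web's implementation: the Ioc dataclass, the
IocStore class, its method names and the link-table layout are assumptions
chosen to mirror the reporter's steps, not IRIS's real schema or API.
"""
from dataclasses import dataclass


@dataclass
class Ioc:
    ioc_id: int
    ioc_type: str
    ioc_value: str


class IocStore:
    """In-memory stand-in for an IoC table plus a (case_id, ioc_id) link table."""

    def __init__(self) -> None:
        self._iocs: dict[int, Ioc] = {}
        self._links: set[tuple[int, int]] = set()
        self._next_id = 1

    def add_ioc(self, case_id: int, ioc_type: str, ioc_value: str) -> int:
        """Link case_id to the IoC (type, value), reusing an existing row.

        The reuse is what makes one IoC row shared between cases."""
        for ioc in self._iocs.values():
            if (ioc.ioc_type, ioc.ioc_value) == (ioc_type, ioc_value):
                self._links.add((case_id, ioc.ioc_id))
                return ioc.ioc_id
        ioc = Ioc(self._next_id, ioc_type, ioc_value)
        self._next_id += 1
        self._iocs[ioc.ioc_id] = ioc
        self._links.add((case_id, ioc.ioc_id))
        return ioc.ioc_id

    def cases_linked_to(self, ioc_id: int) -> set[int]:
        """Which cases share this IoC row (the 'also seen in other cases' view)."""
        return {c for c, i in self._links if i == ioc_id}

    def iocs_in_case(self, case_id: int) -> list[tuple[str, str]]:
        return sorted((self._iocs[i].ioc_type, self._iocs[i].ioc_value)
                      for c, i in self._links if c == case_id)

    def update_ioc_shared(self, case_id: int, ioc_id: int,
                          ioc_type: str, ioc_value: str) -> int:
        """Reported behaviour: mutate the shared row, so every linked case changes."""
        self._check_link(case_id, ioc_id)
        ioc = self._iocs[ioc_id]
        ioc.ioc_type, ioc.ioc_value = ioc_type, ioc_value
        return ioc_id

    def update_ioc_isolated(self, case_id: int, ioc_id: int,
                            ioc_type: str, ioc_value: str) -> int:
        """Copy-on-write alternative: if other cases still share the row, unlink
        this case and point it at a row holding the new (type, value) instead."""
        self._check_link(case_id, ioc_id)
        if self.cases_linked_to(ioc_id) == {case_id}:
            # Sole owner: editing in place is safe, no other case sees the row.
            return self.update_ioc_shared(case_id, ioc_id, ioc_type, ioc_value)
        self._links.discard((case_id, ioc_id))
        return self.add_ioc(case_id, ioc_type, ioc_value)  # dedups if it exists

    def _check_link(self, case_id: int, ioc_id: int) -> None:
        if (case_id, ioc_id) not in self._links:
            raise KeyError(f"IoC {ioc_id} is not linked to case {case_id}")


# Hash taken from the reproduction steps above.
SHA256 = "9715f69aaff7497966f162e784059ab010173ee92ef811b066fc3c818acc454d"


def reproduce(isolated: bool) -> tuple[list, list]:
    """Run the reporter's steps 1-6; return the IoCs of case A and case B."""
    store = IocStore()
    case_a, case_b = 1, 2
    store.add_ioc(case_a, "filename", "1.exe")
    ioc_b = store.add_ioc(case_b, "filename", "1.exe")   # same row as case A
    assert store.cases_linked_to(ioc_b) == {case_a, case_b}
    update = store.update_ioc_isolated if isolated else store.update_ioc_shared
    update(case_b, ioc_b, "filename|sha256", f"1.exe|{SHA256}")
    return store.iocs_in_case(case_a), store.iocs_in_case(case_b)


if __name__ == "__main__":
    print("shared  :", reproduce(isolated=False))
    print("isolated:", reproduce(isolated=True))
```

With the shared update, both cases end up holding the `filename|sha256` IoC, which is step 6 of the report; with the isolated update, case A keeps `filename` / `1.exe` and only case B carries the new value. Because the relink goes through `add_ioc`, a case that edits its IoC to a value some other case already has is merged onto that existing row rather than creating a duplicate, so the "same IoC seen in other cases" view keeps working. Whether IRIS adopts this approach or another is for the maintainers to decide; the model only makes the two behaviours concrete.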